netdev.vger.kernel.org archive mirror
From: Jakub Kicinski <kuba@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: netdev@vger.kernel.org, linux-afs@lists.infradead.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 00/17] rxrpc: Prelude to gssapi support
Date: Tue, 24 Nov 2020 12:08:59 -0800
Message-ID: <20201124120859.10037dd6@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
In-Reply-To: <160616220405.830164.2239716599743995145.stgit@warthog.procyon.org.uk>

On Mon, 23 Nov 2020 20:10:04 +0000 David Howells wrote:
> Here are some patches that do some reorganisation of the security class
> handling in rxrpc to allow implementation of the RxGK security class that
> will allow AF_RXRPC to use GSSAPI-negotiated tokens and better crypto.  The
> RxGK security class is not included in this patchset.
> 
> It does the following things:
> 
>  (1) Add a keyrings patch to provide the original key description, as
>      provided to add_key(), to the payload preparser so that it can
>      interpret the content on that basis.  Unfortunately, the rxrpc_s key
>      type wasn't written to interpret its payload as anything other than a
>      string of bytes comprising a key, but for RxGK, more information is
>      required as multiple Kerberos enctypes are supported.
> 
>  (2) Remove the rxk5 security class key parsing.  The rxk5 class never got
>      rolled out in OpenAFS and got replaced with rxgk.
> 
>  (3) Support the creation of rxrpc keys with multiple tokens of different
>      types.  If some types are not supported, the ENOPKG error is
>      suppressed if at least one other token's type is supported.
> 
>  (4) Punt the handling of server keys (rxrpc_s type) to the appropriate
>      security class.
> 
>  (5) Organise the security bits in the rxrpc_connection struct into a
>      union to make it easier to override for other classes.
> 
>  (6) Move some bits from core code into rxkad that won't be appropriate to
>      rxgk.

Pulled into net-next, thank you!

Thread overview: 21+ messages
2020-11-23 20:10 [PATCH net 00/17] rxrpc: Prelude to gssapi support David Howells
2020-11-23 20:10 ` [PATCH net-next 01/17] keys: Provide the original description to the key preparser David Howells
2020-11-23 20:10 ` [PATCH net-next 02/17] rxrpc: Remove the rxk5 security class as it's now defunct David Howells
2020-11-23 20:10 ` [PATCH net-next 03/17] rxrpc: List the held token types in the key description in /proc/keys David Howells
2020-11-23 20:10 ` [PATCH net-next 04/17] rxrpc: Support keys with multiple authentication tokens David Howells
2020-11-23 20:10 ` [PATCH net-next 05/17] rxrpc: Don't retain the server key in the connection David Howells
2020-11-23 20:10 ` [PATCH net-next 06/17] rxrpc: Split the server key type (rxrpc_s) into its own file David Howells
2020-11-23 20:10 ` [PATCH net-next 07/17] rxrpc: Hand server key parsing off to the security class David Howells
2020-11-23 20:11 ` [PATCH net-next 08/17] rxrpc: Don't leak the service-side session key to userspace David Howells
2020-11-23 20:11 ` [PATCH net-next 09/17] rxrpc: Allow security classes to give more info on server keys David Howells
2020-11-23 20:11 ` [PATCH net-next 10/17] rxrpc: Make the parsing of xdr payloads more coherent David Howells
2020-11-23 20:11 ` [PATCH net-next 11/17] rxrpc: Ignore unknown tokens in key payload unless no known tokens David Howells
2020-11-23 20:11 ` [PATCH net-next 12/17] rxrpc: Fix example key name in a comment David Howells
2020-11-23 20:11 ` [PATCH net-next 13/17] rxrpc: Merge prime_packet_security into init_connection_security David Howells
2020-11-23 20:11 ` [PATCH net-next 14/17] rxrpc: Don't reserve security header in Tx DATA skbuff David Howells
2020-11-23 20:11 ` [PATCH net-next 15/17] rxrpc: Organise connection security to use a union David Howells
2020-11-23 20:25   ` Joe Perches
2020-11-23 21:08   ` David Howells
2020-11-23 20:11 ` [PATCH net-next 16/17] rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet David Howells
2020-11-23 20:12 ` [PATCH net-next 17/17] rxrpc: Ask the security class how much space to allow in a packet David Howells
2020-11-24 20:08 ` Jakub Kicinski [this message]
